IT Risk Analyst and Reporting Manager Porto

IT Risk Analyst and Reporting Manager
Porto
Porto, Porto District, Portugal

The IT Risk Analyst will be actively involved in the 2 following main missions of the Cloud CISO team:

• Maintain cloud cybersecurity risk cartography using tools such as Service
  Now.
• Cyber risk assessments with methods based on ISO 27005.

His role will be to analyze, report, provide a critical eye and to be a source of proposal, so he will have to be strongly skilled in cybersecurity.

For this purpose, he will work in close collaboration with the Cloud CISO team based in Paris and an IT Risk Analyst based in Lisbon.

He will also provide help on the move to
- party software by entities, studying and analyzing cases, being a stakeholder in risk assessments, and following up with third parties to the IT Risk Analyst and Third Party manager in Lisbon if necessary.

Main Responsibilities:

Maintain cloud cybersecurity risk cartography:

• Follow-up data quality and comprehensiveness in cloud assets referential (Cloud Register) and cloud risks referential (cloud risks in the Risk Register) in Service
  Now tooling.
• Build, improve, and provide risk reporting templates using Service
  Now or an external tool (such as Tableau).
• Provide periodic cloud risk reporting.
• Active role in the preparation of quarterly cloud risk committees.
• Understand risk assessments already produced (based on ISO 27005/EBIOS Risk Manager) and impacts of remediation plans progress on risks.
• Skills to follow up/challenge remediation plans implemented by service providers or entities.
• Contribute actively in risk assessments of cloud platforms and cloud applications.
• Ideally, skills to lead risk assessments following ISO 27005/EBIOS Risk Manager methods.

Other activities:

• Contribute in (cloud)
  - party onboarding studies (risk assessment, review of case studies, etc. ).
• Contribute to governance/organization topics on
  - party cases.
• Contribute to governance/organization topics related to the team.
• Contribute to
  - up of
  - party governance in run.

Profile

Technical skills:

• Certification ISO 27001.
• Knowledge of a risk management tool such as Service
  Now or reporting tool such as Tableau.
• Knowledge on Cloud specific Cyber Security (such as SOC2, CSA, ISO27017).
• Knowledge on Cyber Security control frameworks (such as NIST, CIS).
• Knowledge in project management.
• French (nice to have).
• Collaborative skills, and the ability to communicate information.
• Excellent written and verbal communication skills.
• Ability to take pragmatic decisions in a changing world, in consistency with the strategic view.
• Must be a critical thinker, with strong
  - solving skills.

Presentation of the group

Consort Portugal, set up in 2021 to meet the challenges of offshoring, is now focusing on digital services for local companies:

• Support the offshoring strategies of the Group’s customers, particularly in Europe.
• Offer Portuguese economic players the expertise of its 2 communities: Consortis, leader in managed infrastructure services, and Consortia, expert in Data, Digital Development and Media Engineering.

Consort Portugal’s culture encourages autonomy and individual responsibility. In-house training and support from the management team, and the commitment of each individual, contribute to a high level of technical skills and quality services.

Consort Portugal implements the Group’s HR policies, mobilizing its energies to promote individual
- being and inclusion.

Send your resume or any other relevant file (pdf, doc, docx, jpg). Max. size: 5 MB.